Merge pull request #396 from Strongminds/master
3.2.3 Hotfix
mrjsawdk authored Jun 15, 2020
2 parents 98f0a24 + 01d0028 commit 9ca716b
Showing 132 changed files with 249 additions and 16,667 deletions.
2 changes: 1 addition & 1 deletion Core.ApplicationServices/SSO/Factories/ISsoStateFactory.cs
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ namespace Core.ApplicationServices.SSO.Factories
public interface ISsoStateFactory
{
AbstractState CreateInitialState();
AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid);
AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid, string cvrNumber);
AbstractState CreateUserLoggedIn(User valueUser);
AbstractState CreateUserIdentifiedState(User user, StsBrugerInfo stsBrugerInfo);
AbstractState CreateAuthorizingUserState(User user, Organization organization);
Expand Down
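Review bot: The new `cvrNumber` parameter on `CreatePrivilegeVerifiedState` is undocumented, and the same applies to `GetStsBrugerInfo(Guid uuid, string cvrNumber)` in IStsBrugerInfoService.cs further down this commit. Elsewhere in the commit the value is the CVR number read from the assertion's `CvrNumberIdentifier` SAML attribute, and the only caller (InitialFlowState) guarantees it is non-empty before reaching the factory, so an XML doc line such as `/// <param name="cvrNumber">CVR number of the organisation the user logged in for, taken from the SAML assertion; never null or empty.</param>` tells implementers what they may rely on. Both are interfaces, so stating that precondition at the contract matters more than on the concrete factory.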
12 changes: 6 additions & 6 deletions Core.ApplicationServices/SSO/Factories/SsoStateFactory.cs
Original file line number Diff line number Diff line change
Expand Up @@ -60,12 +60,12 @@ public AbstractState CreateInitialState()
{
throw new InvalidOperationException("Error: No SAML state");
}
return new InitialFlowState(_configuration, Saml20IdentityParser.CreateFrom(_samlState.Value), this);
return new InitialFlowState(_configuration, Saml20IdentityParser.CreateFrom(_samlState.Value), this, _logger);
}

public AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid)
public AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid, string cvrNumber)
{
return new PrivilegeVerifiedState(userExternalUuid, _userRepository, _infoService, _ssoUserIdentityRepository, this);
return new PrivilegeVerifiedState(userExternalUuid, cvrNumber, _userRepository, _infoService, _ssoUserIdentityRepository, this);
}

public AbstractState CreateUserLoggedIn(User user)
Expand All @@ -75,12 +75,12 @@ public AbstractState CreateUserLoggedIn(User user)

public AbstractState CreateUserIdentifiedState(User user, StsBrugerInfo stsBrugerInfo)
{
return new UserIdentifiedState(user, stsBrugerInfo, _ssoUserIdentityRepository, _ssoOrganizationIdentityRepository, _organizationRepository,this,_logger);
return new UserIdentifiedState(user, stsBrugerInfo, _ssoUserIdentityRepository, _ssoOrganizationIdentityRepository, _organizationRepository, this, _logger);
}

public AbstractState CreateAuthorizingUserState(User user, Organization organization)
{
return new AuthorizingUserState(user, organization, _organizationRoleService,this);
return new AuthorizingUserState(user, organization, _organizationRoleService, this);
}

public AbstractState CreateAuthorizingUserFromUnknownOrgState(User user)
Expand All @@ -90,7 +90,7 @@ public AbstractState CreateAuthorizingUserFromUnknownOrgState(User user)

public AbstractState CreateAssigningRoleState(User user, Organization ssoOrganization)
{
return new AssigningRoleState(user,ssoOrganization,_organizationRoleService,this);
return new AssigningRoleState(user, ssoOrganization, _organizationRoleService, this);
}

public AbstractState CreateFirstTimeUserNotFoundState(StsBrugerInfo stsBrugerInfo)
Expand Down
17 changes: 17 additions & 0 deletions Core.ApplicationServices/SSO/Model/Saml20IdentityParser.cs
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,23 @@ public static Saml20IdentityParser CreateFrom(ISaml20Identity sourceIdentity)
return new Saml20IdentityParser(new Saml20IdentityNavigator(sourceIdentity));
}

public Maybe<string> MatchCvrNumber()
{
var cvrNumberAttributes = _navigator
.GetAttribute(StsAdgangsStyringConstants.Attributes.CvrNumber)
.Select(x => x.AttributeValue)
.GetValueOrFallback(new string[0]);

foreach (var cvrNumber in cvrNumberAttributes)
{
if (!string.IsNullOrEmpty(cvrNumber))
{
return cvrNumber;
}
}
return Maybe<string>.None;
}

public Maybe<KitosSamlPrivilege> MatchPrivilege(string privilegeId)
{
return
Expand Down
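Review bot: `string.IsNullOrEmpty` in `MatchCvrNumber` lets a whitespace-only attribute value through as a "found" CVR number, which then passes the `cvrNumber.IsNone` guard in InitialFlowState and is forwarded unchanged to the STS lookup; `if (!string.IsNullOrWhiteSpace(cvrNumber))` with `return cvrNumber.Trim();` closes that gap. The empty fallback is better written as `.GetValueOrFallback(Array.Empty<string>())` than `new string[0]`. Note also that when the attribute carries several distinct values the first one wins silently; since this value decides which organisation the STS user lookup runs against, it is worth deciding explicitly (and logging) whether multiple differing values should be treated as an error rather than picked from.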
8 changes: 4 additions & 4 deletions Core.ApplicationServices/SSO/State/AuthorizingUserState.cs
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ public class AuthorizingUserState : AbstractState
private readonly IOrganizationRoleService _organizationRoleService;
private readonly ISsoStateFactory _ssoStateFactory;

public AuthorizingUserState(User user, Organization ssoOrganization, IOrganizationRoleService organizationRoleService,ISsoStateFactory ssoStateFactory)
public AuthorizingUserState(User user, Organization ssoOrganization, IOrganizationRoleService organizationRoleService, ISsoStateFactory ssoStateFactory)
{
_user = user;
_ssoOrganization = ssoOrganization;
Expand All @@ -25,14 +25,14 @@ public override void Handle(FlowEvent @event, FlowContext context)
{
if (@event.Equals(FlowEvent.OrganizationFound))
{
var rolesInOrganization = _organizationRoleService.GetRolesInOrganization(_user,_ssoOrganization.Id);
var rolesInOrganization = _organizationRoleService.GetRolesInOrganization(_user, _ssoOrganization.Id);
if (rolesInOrganization.Any())
{
context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user),_=>_.HandleUserHasRoleInOrganization());
context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user), _ => _.HandleUserHasRoleInOrganization());
}
else
{
context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user,_ssoOrganization),_=>_.HandleUserHasNoRoleInOrganization());
context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user, _ssoOrganization), _ => _.HandleUserHasNoRoleInOrganization());
}
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ private User CreateAutoProvisonedUser(Organization organizationByCvrResult)
user.Name = _stsBrugerInfo.FirstName;
user.LastName = _stsBrugerInfo.LastName;
user.DefaultOrganization = organizationByCvrResult;
user.Salt = string.Format("{0:N}{0:N}", Guid.NewGuid());
user.Salt = _cryptoService.Encrypt($"{Guid.NewGuid():N}{Guid.NewGuid():N}");
user.Password = _cryptoService.Encrypt(string.Empty);
_userRepository.Save();
return user;
Expand Down
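Review bot: `Guid.NewGuid()` is not a cryptographic random source, so building `user.Salt` from two GUIDs (and then passing the result through `_cryptoService.Encrypt`) fixes the repeated single GUID of the old line but still does not give the salt a proper entropy source; `RandomNumberGenerator` from `System.Security.Cryptography` is the right origin, as sketched below (whether the salt must additionally go through `_cryptoService.Encrypt` depends on how the login path reads it — the previous code stored it raw). The unchanged line below sets `user.Password = _cryptoService.Encrypt(string.Empty)`; if `Encrypt` is a deterministic password hash that the local login compares against, an auto-provisioned SSO user could authenticate with an empty password, so it is worth confirming that the local password path is blocked for such users or that the stored value is unguessable. `CreateAutoProvisonedUser` begins above the hunk, and this section's file header is missing from the page.
```csharp
// … unchanged: name, last name and DefaultOrganization assignment …
var saltBytes = new byte[32];
using (var rng = RandomNumberGenerator.Create())
{
    rng.GetBytes(saltBytes);
}
user.Salt = Convert.ToBase64String(saltBytes);
// … unchanged: password assignment, Save() and return …
```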
1 change: 0 additions & 1 deletion Core.ApplicationServices/SSO/State/FlowContext.cs
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
using System;
using NotImplementedException = System.NotImplementedException;

namespace Core.ApplicationServices.SSO.State
{
Expand Down
24 changes: 19 additions & 5 deletions Core.ApplicationServices/SSO/State/InitialFlowState.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
using Core.ApplicationServices.SSO.Factories;
using Core.ApplicationServices.SSO.Model;
using Core.DomainModel.Result;
using Serilog;

namespace Core.ApplicationServices.SSO.State
{
Expand All @@ -10,14 +11,17 @@ public class InitialFlowState : AbstractState
private readonly string _samlKitosReadAccessRoleIdentifier;
private readonly Saml20IdentityParser _parser;
private readonly ISsoStateFactory _stateFactory;
private readonly ILogger _logger;

public InitialFlowState(
SsoFlowConfiguration configuration,
SsoFlowConfiguration configuration,
Saml20IdentityParser parser,
ISsoStateFactory stateFactory)
ISsoStateFactory stateFactory,
ILogger logger)
{
_parser = parser;
_stateFactory = stateFactory;
_logger = logger;
_samlKitosReadAccessRoleIdentifier = $"{configuration.PrivilegePrefix}/roles/usersystemrole/readaccess/1";
}

Expand All @@ -26,10 +30,20 @@ public override void Handle(FlowEvent @event, FlowContext context)
if (@event.Equals(FlowEvent.LoginCompleted))
{
var externalUserUuid = GetUserExternalUuid();
if (externalUserUuid.HasValue && CurrentUserHasKitosPrivilege())
var cvrNumber = _parser.MatchCvrNumber();
if (externalUserUuid.IsNone)
{
context.TransitionTo(_stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value),
_ => _.HandleUserPrivilegeVerified());
_logger.Error("No external UUID passed from STS Adgangsstyring");
context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError());
}
else if (cvrNumber.IsNone)
{
_logger.Error("CVR number not provided from STS Adgangsstyring");
context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError());
}
else if (CurrentUserHasKitosPrivilege())
{
context.TransitionTo(_stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value, cvrNumber.Value), _ => _.HandleUserPrivilegeVerified());
}
else
{
Expand Down
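Review bot: The two new error branches in `Handle` are identical apart from the log text, and both report through `HandleUnknownError` even though the cause is known and logged; the second log line also carries nothing that lets an operator correlate the failure with a login attempt. Using Serilog's message template, `_logger.Error("CVR number not provided from STS Adgangsstyring for external user {ExternalUserUuid}", externalUserUuid.Value);`, adds that correlation, and folding the two guards into one condition with a single transition would remove the duplicated `context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError());`. In the constructor hunk above, `_logger = logger;` stores the new dependency without a null guard; `_logger = logger ?? throw new ArgumentNullException(nameof(logger));` fails at construction rather than at the first error path. `Handle`'s remaining `else` branch continues past the end of the hunk.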
10 changes: 7 additions & 3 deletions Core.ApplicationServices/SSO/State/PrivilegeVerifiedState.cs
Original file line number Diff line number Diff line change
Expand Up @@ -11,18 +11,22 @@ namespace Core.ApplicationServices.SSO.State
public class PrivilegeVerifiedState : AbstractState
{
private readonly Guid _userUuid;
private readonly string _cvrNumber;
private readonly IStsBrugerInfoService _stsBrugerInfoService;
private readonly ISsoUserIdentityRepository _ssoUserIdentityRepository;
private readonly ISsoStateFactory _ssoStateFactory;
private readonly IUserRepository _userRepository;

public PrivilegeVerifiedState(Guid userUuid,
public PrivilegeVerifiedState(
Guid userUuid,
string cvrNumber,
IUserRepository userRepository,
IStsBrugerInfoService stsBrugerInfoService,
ISsoUserIdentityRepository ssoUserIdentityRepository,
ISsoStateFactory ssoStateFactory)
{
_userUuid = userUuid;
_cvrNumber = cvrNumber;
_stsBrugerInfoService = stsBrugerInfoService;
_ssoUserIdentityRepository = ssoUserIdentityRepository;
_userRepository = userRepository;
Expand All @@ -44,7 +48,7 @@ public override void Handle(FlowEvent @event, FlowContext context)
}
else
{
var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid);
var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
if (!stsBrugerInfo.HasValue)
{
context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation());
Expand All @@ -58,7 +62,7 @@ public override void Handle(FlowEvent @event, FlowContext context)
}
else // Try to find the user by email
{
var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid);
var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
if (!stsBrugerInfo.HasValue)
{
context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation());
Expand Down
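Review bot: The constructor stores `cvrNumber` without validating it, while both `GetStsBrugerInfo(_userUuid, _cvrNumber)` calls further down depend on it being a real value; today the only producer (InitialFlowState) guarantees a non-empty string, but `ISsoStateFactory` is a public contract and other implementations or callers will not necessarily do the same. A guard in the constructor, `if (string.IsNullOrWhiteSpace(cvrNumber)) throw new ArgumentException("CVR number is required", nameof(cvrNumber));`, makes the precondition explicit at the boundary. The two lookups sit in different branches of `Handle` and are pre-existing duplication the hunk touched but did not fold; `Handle` extends beyond both hunks.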
2 changes: 1 addition & 1 deletion Core.ApplicationServices/SSO/State/UserIdentifiedState.cs
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ private void HandleUserWithSsoIdentity(FlowContext context)
}
else
{
//If not sso binding exists for the organization, try to create one by finding the org by cvr and adding the sso relation
//If no sso binding exists for the organization, try to create one by finding the org by cvr and adding the sso relation
var organizationByCvrResult = _organizationRepository.GetByCvr(_externalUser.MunicipalityCvr);
if (organizationByCvrResult.HasValue)
{
Expand Down
1 change: 1 addition & 0 deletions Core.ApplicationServices/SSO/StsAdgangsStyringConstants.cs
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ public static class StsAdgangsStyringConstants
public static class Attributes
{
public const string PrivilegeKey = "dk:gov:saml:attribute:Privileges_intermediate";
public const string CvrNumber = "dk:gov:saml:attribute:CvrNumberIdentifier";
}
}
}
2 changes: 1 addition & 1 deletion Core.DomainModel/Result/Maybe.cs
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ public Maybe<TResult> Select<TResult>(Func<T, TResult> selector)
throw new ArgumentNullException(nameof(selector));

return HasValue ?
Maybe<TResult>.Some(selector(Value)) :
selector(Value).FromNullable() :
Maybe<TResult>.None;
}

Expand Down
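Review bot: Replacing `Maybe<TResult>.Some(selector(Value))` with `selector(Value).FromNullable()` changes the contract of a general-purpose type: a selector that returns null used to yield `Some(null)` and now yields `None`, for every caller of `Maybe<T>.Select` in the codebase, not only the new CVR code. That deserves an XML doc `<returns>` on `Select` stating that a null projection collapses to `None`, plus a unit test pinning the behaviour so it is not reverted as an accident. It also presumes `FromNullable` is defined for an unconstrained `TResult`; if it carries a `class` constraint this would not compile for value-type projections, so presumably it is unconstrained, but that is worth a glance.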
2 changes: 0 additions & 2 deletions Core.DomainServices/Core.DomainServices.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,6 @@
<Compile Include="Repositories\GDPR\SensitivePersonalDataTypeRepository.cs" />
<Compile Include="SSO\StsAdresseHelpers.cs" />
<Compile Include="SSO\StsOrganisationConstants.cs" />
<Compile Include="SSO\StsOrganisationHelpers.cs" />
<Compile Include="SSO\StsOrganisationIntegrationConfiguration.cs" />
<Compile Include="SSO\StsBrugerInfoService.cs" />
<Compile Include="SSO\StsBrugerHelpers.cs" />
Expand All @@ -118,7 +117,6 @@
<Compile Include="Repositories\Qa\IBrokenExternalReferencesReportRepository.cs" />
<Compile Include="SSO\StsPersonData.cs" />
<Compile Include="SSO\StsPersonHelpers.cs" />
<Compile Include="SSO\StsVirksomhedHelpers.cs" />
<Compile Include="Time\IOperationClock.cs" />
<Compile Include="Repositories\KLE\IKLEConverterHelper.cs" />
<Compile Include="Repositories\KLE\IKLEParentHelper.cs" />
Expand Down
2 changes: 1 addition & 1 deletion Core.DomainServices/SSO/IStsBrugerInfoService.cs
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@ namespace Core.DomainServices.SSO
{
public interface IStsBrugerInfoService
{
Maybe<StsBrugerInfo> GetStsBrugerInfo(Guid uuid);
Maybe<StsBrugerInfo> GetStsBrugerInfo(Guid uuid, string cvrNumber);
}
}